Intune Integration with Microsoft Defender for Endpoint

This article explores the integration between Microsoft Defender for Endpoint and Intune, and how you can manage Microsoft Defender for Endpoint workflows from Intune. It covers the licensing requirements, gotchas, and the missing Devices node under Assets in the Microsoft 365 Defender portal.

This post is the first part of the Microsoft Intune and Defender integration process. While integrating Microsoft Defender for Endpoint and Intune offers numerous benefits, it’s essential to be aware of potential challenges or “gotchas.”

Integrating Microsoft Defender for Endpoint with Intune offers organizations a powerful combination for managing security workflows. In this article, we focus on the Devices node missing from the Microsoft 365 Defender portal, fixing this issue, and the licensing requirements.

What is Microsoft 365 Defender?

Microsoft 365 Defender offers a comprehensive and integrated approach to safeguarding organizations in every aspect of their digital ecosystem. It provides a unified solution that extends protection to endpoints, identities, emails, apps, and cloud applications.

By combining advanced security technologies, Microsoft 365 Defender assists organizations in both preventing and mitigating the impact of security breaches, ensuring robust defense in pre- and post-breach scenarios. It is an enterprise defense suite that natively coordinates:

1. Detection
2. Prevention
3. Investigation
4. Response

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint (MDE) is an enterprise endpoint security platform that secures endpoints within organizations. It is a robust and comprehensive endpoint security solution designed to provide advanced protection, detection, and response capabilities.

MDE integrates with Intune to support end-to-end device management. Microsoft Defender for Endpoint provides different capabilities, such as:

1. Alerts
2. Hunting
3. Reporting
4. Threat and vulnerability management
5. Events
6. Actions and security analytics.

What are the Licensing Requirements for Microsoft Defender for Endpoint?

You need Defender for Endpoint Plan 1 or Plan 2 to manage endpoints with Defender policies or with Defender. Defender for Endpoint Plan 1 and Plan 2 don’t include server licenses.

To onboard servers to those plans, you need either Microsoft Defender for Cloud or Microsoft Defender for Business servers.

Video – Intune Integration with Microsoft Defender for Endpoint

This video discusses Intune integration with Microsoft Defender for Endpoint. It shows that the Devices node is missing in the Microsoft 365 Defender portal: if you go to the Assets section in the portal, you can only see the Identities tab. The video also explains why this happens.

Intune Integration with Microsoft Defender for Endpoint – Video 1

Missing Devices Node in Microsoft 365 Defender Portal

Let’s discuss the missing Devices node in the Microsoft 365 Defender portal. Launch the Microsoft 365 admin center by signing in with your administrator account. In the window below, you can see that the Devices node is missing: under the Assets tab, you can only see the Identities option.

Intune Integration with Microsoft Defender for Endpoint – fig.1

You can log in to the Microsoft 365 admin center portal and check whether you have the appropriate license. Here we are using a trial version of Microsoft Defender for Endpoint.

Intune Integration with Microsoft Defender for Endpoint – fig.2

Log off and sign back in to Microsoft 365 Defender to check whether the Devices node is available. Here we are using the trial version. The Azure AD SSPR Self-Service Password Reset Guide video explains how to take the trial version.

After signing in, you can see a new pop-up in the window below. The pop-up shows “Your new endpoint protection home,” meaning the issue was with the license. Microsoft Defender for Endpoint was formerly known as Microsoft Defender Advanced Threat Protection.

  • If you don’t see the Devices node in the Microsoft 365 Defender portal, you are missing the license.
  • Once you purchase the license, the configuration options for endpoints and devices appear in the M365 Defender portal.

Intune Integration with Microsoft Defender for Endpoint – fig.3
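
The license check behind the missing Devices node can also be run against the tenant's subscription list instead of being read off the admin center. The following is an added example, not part of the original article: it inspects a Microsoft Graph `subscribedSkus` response for a Defender for Endpoint service plan. The service plan names `MDE_LITE`, `WINDEFATP` and `MDE_SMB`, the "usable" criteria, and the sample responses (with placeholder SKU names) are assumptions made for the example.

```python
import json

# Service plan names that carry Defender for Endpoint in Microsoft's licensing
# reference (assumption: verify the names against your own tenant's output).
MDE_PLANS = {"MDE_LITE": "Plan 1", "WINDEFATP": "Plan 2", "MDE_SMB": "Defender for Business"}

def mde_license_report(subscribed_skus):
    """One row per SKU in a Graph /subscribedSkus response that carries an MDE plan."""
    rows = []
    for sku in subscribed_skus.get("value", []):
        units = sku.get("prepaidUnits", {})
        seats = units.get("enabled", 0) + units.get("warning", 0)
        for plan in sku.get("servicePlans", []):
            name = plan.get("servicePlanName")
            if name not in MDE_PLANS:
                continue
            # Assumed criteria: subscription active, plan provisioned, at least one seat.
            usable = (sku.get("capabilityStatus") in ("Enabled", "Warning")
                      and plan.get("provisioningStatus") == "Success"
                      and seats > 0)
            rows.append({"sku": sku.get("skuPartNumber"), "plan": MDE_PLANS[name],
                         "seats": seats, "usable": usable})
    return rows

def has_usable_mde(subscribed_skus):
    """True when at least one active subscription provides Defender for Endpoint."""
    return any(row["usable"] for row in mde_license_report(subscribed_skus))

# Constructed sample responses (SKU names are placeholders, not real part numbers).
BEFORE = json.loads("""{"value": [
  {"skuPartNumber": "EXAMPLE_IDENTITY_ONLY", "capabilityStatus": "Enabled",
   "prepaidUnits": {"enabled": 25, "suspended": 0, "warning": 0},
   "servicePlans": [{"servicePlanName": "AAD_PREMIUM", "provisioningStatus": "Success"}]},
  {"skuPartNumber": "EXAMPLE_MDE_EXPIRED", "capabilityStatus": "Suspended",
   "prepaidUnits": {"enabled": 0, "suspended": 25, "warning": 0},
   "servicePlans": [{"servicePlanName": "WINDEFATP", "provisioningStatus": "Success"}]}
]}""")
# Same tenant after an active trial subscription has been added.
AFTER = {"value": BEFORE["value"] + [
  {"skuPartNumber": "EXAMPLE_MDE_TRIAL", "capabilityStatus": "Enabled",
   "prepaidUnits": {"enabled": 25, "suspended": 0, "warning": 0},
   "servicePlans": [{"servicePlanName": "WINDEFATP", "provisioningStatus": "Success"}]}]}

if __name__ == "__main__":
    for label, tenant in (("before", BEFORE), ("after", AFTER)):
        print(label, has_usable_mde(tenant), mde_license_report(tenant))
```

A suspended subscription still lists the service plan, so checking for the plan name alone is not enough; the report flags that case as not usable.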

The window below shows the Intune portal experience when you try to integrate Microsoft Defender for Endpoint with Intune. Sign in to the Intune admin center portal and select the Endpoint security tab.

  • Select Microsoft Defender for Endpoint from the Endpoint security tab.
  • Under Microsoft Defender for Endpoint, you can see the “Configuring Microsoft Defender for Endpoint” section.
  • The table below shows the steps to set up a connection to Intune via the Microsoft Defender Security Center.

Steps to integrate Microsoft Defender for Endpoint with Intune:

1. Set up a connection to Intune via the Microsoft Defender Security Center.
2. After a connection is established, click Refresh at the top of this section to hide this guide and enable the settings.
3. Configure the settings.

Intune Integration with Microsoft Defender for Endpoint – Table 1

Intune Integration with Microsoft Defender for Endpoint – fig.4

From the above window, click the link “Connect Microsoft Defender for Endpoint to Microsoft Intune in the Microsoft Defender Security Center.” The link takes you to the Microsoft 365 Defender for Endpoint portal.

  • Under the Devices tab, select the Onboard Devices option
Intune Integration with Microsoft Defender for Endpoint – fig.5

There are different options to onboard devices. Here we use Intune to onboard them. Under the advanced endpoint settings, you can see the role permissions. Connect to Microsoft Intune to enable device information sharing and enhance policy enforcement.

  • Intune provides additional information about managed devices for secure scores.
  • It can use risk information to enforce conditional access policies.
  • Go to Settings > Endpoint > Advanced Features.
  • Enable Microsoft Intune Connection under Advanced features.
  • Select the Save Preferences button in the window below.
Intune Integration with Microsoft Defender for Endpoint – fig.6

Go to the Intune portal and refresh the page. After refreshing, the Connection status is Available and the Last synchronized date is shown. From the Intune admin center, you can easily enable the profile and all other settings, such as those related to compliance policy.

  • You can easily enable or disable some of the settings from the window below.
Intune Integration with Microsoft Defender for Endpoint – fig.7

Author

Vidya is a computer enthusiast. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She loves writing on Windows 11 and related technologies. She is also keen to find solutions and write about day-to-day tech problems.

1 thought on “Intune Integration with Microsoft Defender for Endpoint”

  1. A feature missing from Defender for Business and Plan 1 is the logged on user card. This is a problem managing devices that move about, as do some of our clients. If you need to quickly ID a user of a given device, you can’t. It seems the only option is to manually assign tags with user names. That is unless there’s another way. Do you have any advice here?
